Still Too Big to Sue

November 4, 2013


Class Action suits are one avenue to harass Big Data over its ever expanding ways to violate consumers’ privacy. But the potential for a settlement that rivals our national debt is not out of the realm, when most of the suits have millions or even hundreds of millions of plaintiffs and are based upon violations of the Wire Tap Act which allow for statutory damages of $10,000 per illegal wire tap.


The cases usually end up being settled by the violators agreeing to a cy pres award: a fund to give to organizations that educate consumers on privacy.  Cy pres awards have been coming under fire as not being true to their name, which means “as close as possible”. In class actions, they are used to allow the court to make an award that promotes the interests of the class members instead of giving an award to the class itself – which means that the plaintiffs get maybe $10 and some (questionable?) organizations get millions. The US Supreme Court had the opportunity to review a recent Facebook class action settlement but declined it today. The court’s reasoning indicates they might still be interested in addressing the issue, but that this was bad case to use because it had such bad facts: the injured plaintiffs didn’t like that the organization getting $9 million is controlled by Facebook. What could be wrong with that? To read more, see Online Powerhouses – Too Big to Sue.

Wake Up US Cloud Computing Providers!

photo by Terry Robinson

August 8, 2013

The European press is eating your lunch! They are literally capitalizing on the PRISM scandal and they have no reason to be so smug. While a recent US based study by ITIF highlights that 10% of non-US residents had already cancelled a project with a US based cloud provider and that the US industry stands to lose up to $35 billion in the next three years, the Guardian and Irish Times are busily reporting on the secret surveillance programs in place abroad.

Yes, through its secret program, Tempora, the British are collecting telephone and online data from the 7 major telecoms running the undersea fiber-optics that form the backbone of the Internet. And as also highlighted in the study, most European governments can and do gather electronic data on their citizens without warrants. For more, please see The Dangers of European Clouds.

NSA Surveillance – All Perfectly Legal

Image by Setreset

Image by Setreset

June 18, 2013

Does anyone really think they know what the NSA is doing with all the data they can access? We only know what they feel is appropriate to tell us. But regardless of your comfort with the current state of secret government surveillance, it’s nothing new. In fact, FISA, the Foreign Intelligence Surveillance Act, officially hit middle age turning 35 years old this year. And managing government requests for customer information is a regular issue for cloud providers, telephone companies and ISPs. How do they get away with it? See Government Intrusion into the Cloud

Silly Contracts Impede Adoption of Cloud Computing


May 8, 2013

I love British understatement. In a recent article on British cloud blog,, a CIO pronounces cloud contracts “silly” when they don’t address customers’ requirements around privacy and compliance. Terms that overreach on limitations of liability and give providers rights to mine customer data are also deemed “silly”. His point isn’t silly though. Those silly terms keep customers from buying. My interpretation is more direct. I think they’re scary. See my Cloud Tweaks article on the issue: 5 Reasons Why Cloud Contracts Should Scare You

Got Rogue Clouds? Yes, It Does Really Matter

Photo by Eve Livesey

Photo by Eve Livesey

January 22, 2013

Rogue Clouds: the myriad of Dropbox accounts, implementations, media sharing apps, etc. that various parts of your business signup for without thinking twice and definitely without consulting IT or Legal. They happen everywhere, more often in large enterprises (83%) but also in small to medium size companies (70%) according to a recent global survey of over 3000 companies commissioned by Symantec.

Should you care? Only if you are concerned about maintaining the confidentiality of your sensitive data or worry about theft and the integrity of your websites. 40% of the companies surveyed reported disclosure of confidential information through rogue clouds. Over 25% reported account takeover issues, defacement of their web properties and other stolen property and services – all through the use of rogue clouds.

The cloud hype is relentless. It’s secure, it’s cheap, it’s the best way to store data. Even when the clouds weren’t rogue (meaning they were part of the companies’ IT strategies), the survey debunked many of those claims as well. 43% of the companies reported that they had lost data in the cloud. And what’s worse, 68% said that their data recovery operations failed. Of those that did recover their data, 22% said it took over 3 days. Hope you can operate without your data for that long – or forever.

Next, the survey showed that companies didn’t take advantage of the savings they might have gotten from their cloud storage. Companies typically pay for 6 times as much storage as they need. Plus, organizations must use additional solutions to backup their cloud data, which adds cost and inefficiencies to IT operations – and apparently doesn’t work very well.

And then there are the other risks related to how and where data is stored.

One challenge for cloud data storage is eDiscovery, pulling out the required information when a company is in litigation. 34% of the surveyed companies had eDiscovery requests for cloud data in the last 12 months, so this is why lawyers ask a few specific questions. They want to know about whether data is comingled (is your data easy to separate from other customers’ data or in other ways easy to search and retrieve only specific types of data); where the servers are located (jurisdictional issues when dealing with clouds in multi-national data centers are a nightmare); and data retention (data destruction schedules for litigation related data must be suspended until the case is resolved). The vast majority (2/3) of the companies missed their court ordered deadlines to deliver the information. 41% were never able to find or deliver the requested information. Companies reported paying fines and lost advantage in their cases as a result.

Finally, the survey also asked about privacy concerns. In the last 12 months, 23% of the respondents had been fined for privacy violations related to data stored in the cloud and over half of the companies were worried about their ability to prove they meet their privacy obligations when their data was in the cloud.

So, the potential risks that IT and the lawyers bring up about the cloud are real (isn’t it nice to know we aren’t just paranoid?). On the other hand, except for a few risk areas, about half of the cloud services worked well. So doing due diligence and choosing a good vendor are still very important.

Cindy Wolf is a Colorado lawyer with more than 25 years experience representing large and small domestic and multinational companies. Her expertise is in corporate law and commercial contracting, with an emphasis on international issues,  technology licensing and the Internet. She can be reached at

This publication is provided for informational purposes only. It does not constitute legal advice. There is no implicit guarantee that this information is correct, complete, or up to date. This publication is not intended to and does not create an attorney-client relationship between you and the author.